Cloudflare is slow and Cloudflare can’t do much about it (opens in new tab)

(hiranyey.dev)

37 pointsdjvu972y ago37 comments

37 comments

fwlr2y ago

“Cloudflare is slow [in India] and Cloudflare [probably] can’t do much about it [but I don’t know because I’m not paying for support]” would be a more accurate title, although it’s far too snarky.

“Cloudflare is slow because of an Indian ISP” or “Cloudflare is slow in India and Cloudflare can’t do much about it” would both still be improvements.

MichaelZuo2y ago

"Cloudflare is slow in India and Cloudflare can’t do much about it because certain parties are unwilling to bear the cost of the necessary changes"

Would be the most accurate.

PrimeMcFly2y ago

So likely what happened is India just blocked one ISP because a website they wanted to block resolved to it, without bothering to check what the IP was or who it belonged to.

I remember Australia making similar mistakes when their list of sites to block got leaked, and it included URL's which were specific to logged in users (so it would have blocked that users login as opposed to the site).

hammyhavoc2y ago

Misleading title as it lacks context.

VoidWhisperer2y ago

It could be argued that the title is just plain wrong - this doesn't seem to be a problem with cloudflare as the title would imply, it is an issue caused by the user's ISP and other ISPs in their country blocking certain IP addresses for some reason or another.

awill2y ago

I think it's accurate. The first Cloudflare refers to the product, and the second Cloudflare refers to the company.

Ultimately if Cloudflare's customers see slow performance, it doesn't really matter who is to blame. The customers just have a bad experience.

3 more replies

throwaway752y ago

From India, and cloudflare to my website resolves to the same ip block. The 172.67.198.x is very much reachable. In fact I can ping and access the exact ip in the article. Not sure what the OP's problem was, but it does not seem to be cloudflare or a govt block.

Edit: Link to screenshots: https://imgur.com/a/d7zLuCP

benatkin2y ago

Russia has blocked Cloudflare before too. You can see it in the issues for jsDelivr (which apparently handles a lot of traffic for TASS, since they use the CDN and browsers don't share caches for privacy reasons). https://github.com/jsdelivr/jsdelivr/issues/762 https://news.ycombinator.com/item?id=24894135 https://learningjquery.com/2012/01/why-to-use-google-hosted-...

1 more reply

rektide2y ago

India is blocking a bunch of the IPs.

Here's a new acronym for us: "Problem Exists Between User And Internet; PEBUI.

This is definitely the next 5 years+ of computing. More and more nations making more and more wild ass decisions about the internet & users ending up disconnected. PEBUI.

throwawaaarrgh2y ago

It was a completely foreseeable result of a very small minority's war on internet standards. First forcing everyone to use TLS, and then forcing everyone to use stronger forms of TLS that couldn't be inspected. Absolutely no fucks given about the many downsides, no alternatives considered.

What did they think countries were gonna do? Just give up governing? Did they really think a web browser was going to defeat an entire nation state's domestic and foreign policy?

Rather than allow the user to determine their own level of security and privacy, they forced the user to choose the strongest method, which of course forced governments to use more extreme measures to fulfill their legislative requirements. Rather than just spying on users or filter their traffic, now they outright just block the internet. Thanks internet standards paternalists! Having no internet is so much better than internet without privacy.

xvector2y ago

> result of a very small minority's war [...] forcing everyone to use TLS

You are seriously suggesting that the move to TLS was a bad thing? Before the era of TLS, I, as a child, could see everyone's private information on any network I was on.

> user to determine their own level of security and privacy

Because your average person can be trusted to understand the nuances of cybersecurity? Get real! The average software engineer would struggle with these settings.

> Thanks internet standards paternalists! Having no internet is so much better than internet without privacy.

You're saying this sarcastically but it's absolutely true. If the government blocks a service because they can't use it to spy, citizens get angry at their government. Working as intended.

derefr2y ago

I mean, the real end-state of network security design is to force governments into a situation where they only have two options: let through everything, or completely block the entire Internet. At which point said government can’t pretend to outside observers that it’s actually offering anything called “the Internet” to those people, and has to admit that it is instead some kind of North Korea-like totalitarian state where only an elite class of proven patriots can be trusted to access the outside world. So then those outside observers can get mad, impose sanctions, etc.

its-summertime2y ago

Without TLS, blocking is unneeded yes, because they can just rewrite what you would read, make individual news articles disappear, etc. With TLS, you are near-explicitly informed that the people between you and your information source want to be involved in your access to knowledge.

Rather be clueless than have a mind full of lies, no?

geraldhh2y ago

> which of course forced governments to use more extreme measures to fulfill their legislative requirements

fuck this

PrimeMcFly2y ago

> First forcing everyone to use TLS, and then forcing everyone to use stronger forms of TLS that couldn't be inspected. Absolutely no fucks given about the many downsides, no alternatives considered.

Absolutely. Forcing strong TLS is absolutely a good thing. Enforcing privacy is absolutely a good thing.

The problem isn't with that decision, but the governments who don't understand that, and thus it is up to the citizens to change that.

1 more reply

rektide2y ago

> Rather than allow the user to determine their own level of security

You're proposing we let users "opt" into insecurity. And it doesn't seem like anything user's want: it seems like what governments what to coral their citizens into.

Further, I'm not sure what viable insecure plans we have that make sense; what has been on offer that we ought have considered?

It's just getting messy now, and who knows what's next, but I have a hard time seeing insecurity as going well for governments. I don't think they have the iron will to deny their citizens internet access, which is their only real power.

fomine32y ago

Right way

catminou2y ago

India is well known for blocking CDNs IPs for a variety of reasons (don't like the content, or because you can VPN on top of them).

I've seen some CDNs who don't use anycast and rely primarily on DNS to cycle thru the IP pools vended in India because the government is slow to add new addresses to block and they maintain a cool down period before reintroducing them.

The shitty part is that the entity in India issuing this never reaches out to the CDNs to communicate exactly what they object to.

stuckkeys2y ago

I don't have much to add about the title except to suggest taking it with a hint of skepticism. Personally, I have a strong affinity for Cloudflare. It has consistently come to my rescue on numerous occasions. I haven't encountered any issues with speed while using their services. It's possible that my fast ISP plays a role, or perhaps the original poster needs to optimize their CF services. However, I believe it's unfair to make a straightforward claim that "They are slow" without considering potential biases. The performance of the services will always vary, and ultimately, the maximum output will depend on the specifics (end point?)

1 more reply

throwawaaarrgh2y ago

I stopped using their caching because they literally won't stop caching the old version of my site. It's just a Google Pages site and I have no idea how to get them to refresh their cache. But a year later they still return the old page. Just using DNS pass through rather than caching and the site works fine.

selcuka2y ago

They have a "Purge Cache" [1] button on their UI (and there is also an API endpoint).

[1] https://developers.cloudflare.com/cache/how-to/purge-cache/

freitasm2y ago

This is not accurate ay all. A problem with ISPs blocking IP addresses is not a Cloudflare problem.

asdz2y ago

If only China have access to HN, we will get this kind of posts every second

bakugo2y ago

Not just a problem in india, happens in some european countries as well.

bawolff2y ago

Title seems a bit unfair. Tl;dr: cloudflare is slow due to gov censorship in india

re-thc2y ago

Even that's unfair. Not like every Indian ISP was tested.

kytazo2y ago

Doesn't get faster than cloudflare https://www.dnsperf.com/

benatkin2y ago

Except Cloudflare is irrelevant for people running their own little sites on VPSes, and can make it worse, as the article demonstrates.

neom2y ago

Any idea why DigitalOcean is so good?

re-thc2y ago

It uses Cloudflare.

1 more reply

dfsl2y ago

I agree with article's title that Cloudflare is slow but I don't agree that Cloudflare can't do much about it. For instance, putting efforts to remove bots and malicious actors from using its platform is one thing, Cloudflare can do with more seriousness.

Cloudflare turned out to be a big mistake for us. Read our experience:

https://freesoftware.life/how-to-speed-up-your-wordpress-web...

https://freesoftware.life/how-using-cloudflare-free-plan-des...

j / k navigate · click thread line to collapse

37 comments

fwlr2y ago

“Cloudflare is slow because of an Indian ISP” or “Cloudflare is slow in India and Cloudflare can’t do much about it” would both still be improvements.

MichaelZuo2y ago

"Cloudflare is slow in India and Cloudflare can’t do much about it because certain parties are unwilling to bear the cost of the necessary changes"

Would be the most accurate.

PrimeMcFly2y ago

So likely what happened is India just blocked one ISP because a website they wanted to block resolved to it, without bothering to check what the IP was or who it belonged to.

hammyhavoc2y ago

Misleading title as it lacks context.

VoidWhisperer2y ago

awill2y ago

I think it's accurate. The first Cloudflare refers to the product, and the second Cloudflare refers to the company.

Ultimately if Cloudflare's customers see slow performance, it doesn't really matter who is to blame. The customers just have a bad experience.

3 more replies

throwaway752y ago

Edit: Link to screenshots: https://imgur.com/a/d7zLuCP

benatkin2y ago

1 more reply

rektide2y ago

India is blocking a bunch of the IPs.

Here's a new acronym for us: "Problem Exists Between User And Internet; PEBUI.

This is definitely the next 5 years+ of computing. More and more nations making more and more wild ass decisions about the internet & users ending up disconnected. PEBUI.

throwawaaarrgh2y ago

What did they think countries were gonna do? Just give up governing? Did they really think a web browser was going to defeat an entire nation state's domestic and foreign policy?

xvector2y ago

> result of a very small minority's war [...] forcing everyone to use TLS

You are seriously suggesting that the move to TLS was a bad thing? Before the era of TLS, I, as a child, could see everyone's private information on any network I was on.

> user to determine their own level of security and privacy

Because your average person can be trusted to understand the nuances of cybersecurity? Get real! The average software engineer would struggle with these settings.

> Thanks internet standards paternalists! Having no internet is so much better than internet without privacy.

You're saying this sarcastically but it's absolutely true. If the government blocks a service because they can't use it to spy, citizens get angry at their government. Working as intended.

derefr2y ago

its-summertime2y ago

Rather be clueless than have a mind full of lies, no?

geraldhh2y ago

> which of course forced governments to use more extreme measures to fulfill their legislative requirements

fuck this

PrimeMcFly2y ago

> First forcing everyone to use TLS, and then forcing everyone to use stronger forms of TLS that couldn't be inspected. Absolutely no fucks given about the many downsides, no alternatives considered.

Absolutely. Forcing strong TLS is absolutely a good thing. Enforcing privacy is absolutely a good thing.

The problem isn't with that decision, but the governments who don't understand that, and thus it is up to the citizens to change that.

1 more reply

rektide2y ago

> Rather than allow the user to determine their own level of security

You're proposing we let users "opt" into insecurity. And it doesn't seem like anything user's want: it seems like what governments what to coral their citizens into.

Further, I'm not sure what viable insecure plans we have that make sense; what has been on offer that we ought have considered?

fomine32y ago

Right way

catminou2y ago

India is well known for blocking CDNs IPs for a variety of reasons (don't like the content, or because you can VPN on top of them).

The shitty part is that the entity in India issuing this never reaches out to the CDNs to communicate exactly what they object to.

stuckkeys2y ago

1 more reply

throwawaaarrgh2y ago

selcuka2y ago

They have a "Purge Cache" [1] button on their UI (and there is also an API endpoint).

[1] https://developers.cloudflare.com/cache/how-to/purge-cache/

freitasm2y ago

This is not accurate ay all. A problem with ISPs blocking IP addresses is not a Cloudflare problem.

asdz2y ago

If only China have access to HN, we will get this kind of posts every second

bakugo2y ago

Not just a problem in india, happens in some european countries as well.

bawolff2y ago

Title seems a bit unfair. Tl;dr: cloudflare is slow due to gov censorship in india

re-thc2y ago

Even that's unfair. Not like every Indian ISP was tested.

kytazo2y ago

Doesn't get faster than cloudflare https://www.dnsperf.com/

benatkin2y ago

Except Cloudflare is irrelevant for people running their own little sites on VPSes, and can make it worse, as the article demonstrates.

neom2y ago

Any idea why DigitalOcean is so good?

re-thc2y ago

It uses Cloudflare.

1 more reply

dfsl2y ago

Cloudflare turned out to be a big mistake for us. Read our experience:

https://freesoftware.life/how-to-speed-up-your-wordpress-web...

https://freesoftware.life/how-using-cloudflare-free-plan-des...

j / k navigate · click thread line to collapse